Deparse: Emit package before use

[perl5.git] / pod / perlhacktips.pod

diff --git a/pod/perlhacktips.pod b/pod/perlhacktips.pod
index 5cd04e4..3d477da 100644 (file)
--- a/pod/perlhacktips.pod
+++ b/pod/perlhacktips.pod
@@ -581,6 +581,7 @@ snprintf() - the return type is unportable.  Use my_snprintf() instead.
 =head2 Security problems
 
 Last but not least, here are various tips for safer coding.
+See also L<perlclib> for libc/stdio replacements one should use.
 
 =over 4
 
@@ -592,6 +593,12 @@ Or we will publicly ridicule you.  Seriously.
 
 =item *
 
+Do not use tmpfile()
+
+Use mkstemp() instead.
+
+=item *
+
 Do not use strcpy() or strcat() or strncpy() or strncat()
 
 Use my_strlcpy() and my_strlcat() instead: they either use the native
@@ -616,6 +623,22 @@ of the program is UTF-8.  What happens is that the C<%s> and its operand are
 simply skipped without any notice.
 L<https://sourceware.org/bugzilla/show_bug.cgi?id=6530>.
 
+=item *
+
+Do not use atoi()
+
+Use grok_atou() instead.  atoi() has ill-defined behavior on overflows,
+and cannot be used for incremental parsing.  It is also affected by locale,
+which is bad.
+
+=item *
+
+Do not use strtol() or strtoul()
+
+Use grok_atou() instead.  strtol() or strtoul() (or their IV/UV-friendly
+macro disguises, Strtol() and Strtoul(), or Atol() and Atoul() are
+affected by locale, which is bad.
+
 =back
 
 =head1 DEBUGGING